The IT Security Attaché

His life, profiles, work, aspirations, agenda and schedule.

In today’s world of technology you are under attack from multiple angles: products, solutions and people, yes, people, even those you know. The threat from known and trusted sources keeps increasing for a simple reason: because I know you, I trust that what you send me is legitimate. That is a very bad assumption and one that leads to serious issues, because you never know whether the message, file, document or link was sent intentionally by the person or by an infected system under the control of a bot master.

When an infected system reaches the point where it is sending out invites, notices, links and other communications from your PC, the recipient is at the mercy of their own common sense in deciding whether to open and use them. This is a problem for the end user because the bait can arrive through many channels, all of them valid resources you normally use.

Let’s take a quick look at a few of the top ones.

Web browsing – quick, simple and easy to infect via drive-by downloads. One of the fastest growing infection trends today is the use of websites as the delivery vehicle. A drive-by download is when you visit a website that has been seeded with malicious code and, simply by viewing the page, the code is downloaded onto your system (by exploiting a flaw in the browser or one of its plug-ins) and installs itself. Because of its simplicity there have been drastic increases in the number of drive-by infections, some of which bypass anti-virus solutions and land successfully on the system. Many will not even know they have been hit, because the payload is delivered behind the scenes and is completely transparent to the user.

Are you running the latest version of your browser?
What kinds of threats are you exposed to by using it?
Does it have a history of successful exploits and, if so, are you vulnerable to them and how can you fix that?
When did you last check that you are running the latest updates, patches and fixes for your browser?
Is the browser configured for both usability and security while you browse the internet?
These are basic questions you should be asking yourself.

While this is a major issue today, many people still get caught up in the discussion of which browser is best, better, more secure or more vulnerable. My word to you is this: all systems, applications and browsers are vulnerable if they are not properly patched, secured and used carefully. Many systems run vulnerable applications that give a hacker or a piece of malicious code several entry points to hit the mark. Many users run security solutions that are outdated, unpatched or expired, and it is scary to think they are comfortable with that.

Email – an infected system is used to send messages to everyone in your address book pointing them to a website they need to visit that is riddled with threats of all sorts. This is one of the easiest forms of compromise: everyone knows not to open an attachment from someone they don’t know, but far fewer people hesitate when the message comes from someone they do know.

So what do you do when you receive an email from someone you know, love, trust and/or do business with?

So I have just guaranteed that you will visit the link in the email, because you think it’s legitimate and, since there are no attached files, what are the chances of a risk? Hmm, much higher than you think. The drive-by download is the fastest and most successful form of attack because of its simplicity. Most people today are not running a security solution that provides web filtering and browser protection, so that traffic goes unchecked. As simple as that, you visit the website and, because your anti-virus solution cannot detect and block the attack, you have now been owned.
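
The link-in-the-mail scenario above is something a practitioner can check for mechanically rather than trusting the sender. Below is an added example (my own code, not from the original post) that parses a constructed HTML message and flags anchors whose visible text disagrees with where the href really goes, that point at a raw IP address, or that hide the real host behind an "@". The message, the sender and every domain and URL in it are made up for illustration.

```python
"""Flag deceptive links in an HTML e-mail (added example, not from the post)."""
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: one link whose text and destination disagree,
# one honest link, and one userinfo trick. All addresses are hypothetical.
SAMPLE_EML = """\
From: A Friend <friend@example.com>
To: you@example.org
Subject: check out these pics
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hey, look at the photos from the weekend:</p>
<p><a href="http://203.0.113.7/pics/index.php">http://photos.example.com/album</a></p>
<p>The write-up is on <a href="https://example.com/blog">example.com</a></p>
<p>Log in at <a href="http://example.com@login-example.net/">example.com</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Lower-case hostname of a URL or bare domain ('' if there is none)."""
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").lower()


def is_ipv4(host):
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() for p in parts)


def same_site(shown, actual):
    """Treat www.example.com and example.com as the same site."""
    return shown == actual or actual.endswith("." + shown) or shown.endswith("." + actual)


def analyse_link(href, text):
    """Return the reasons a link looks deceptive; an empty list means none found."""
    if href.lower().startswith(("mailto:", "tel:")):
        return []
    parts = urlsplit(href if "://" in href else "http://" + href)
    actual = (parts.hostname or "").lower()
    if not actual:
        return ["href has no host"]
    reasons = []
    if is_ipv4(actual):
        reasons.append("href points at a raw IP address")
    if "@" in parts.netloc:
        reasons.append("href hides the real host behind '@' (browsers go to what follows it)")
    # Only compare hosts when the visible text itself looks like a URL or domain.
    shown = host_of(text) if ("." in text and " " not in text) else ""
    if shown and not same_site(shown, actual):
        reasons.append(f"visible text says {shown!r} but href goes to {actual!r}")
    return reasons


def scan_email(raw):
    """Parse a raw message and return one finding per suspicious link."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    findings = []
    for href, text in collector.links:
        reasons = analyse_link(href, text)
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_email(SAMPLE_EML):
        print(finding["href"], "<-", finding["text"], finding["reasons"])
```

Run against the sample, the first and third links are reported and the honest one is not. The check says nothing about what is waiting on the far side of the link; it only catches the cheap deceptions, which is exactly the point: a message from a known contact deserves the same scrutiny as one from a stranger.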

IM (Instant Messaging) – a growing trend that is easily exploited, and with major impact, because a worm hijacks the IM application and starts sending out messages as if it were the user sitting at the PC. So you have 200 contacts in your IM list and every one of them is now exposed because of the worm spreading from your PC.

Will you know this is happening?
Maybe, or maybe not, depending on how you manage and maintain your system. Maybe one of your contacts will say: hey, I got this message from you to look at some pics on a website, but when I went there nothing happened, it was a blank page with an error on it.

Hey, guess what: you have just handed your friend the threat, or exposed them to it, unbeknownst to either of you. This is such an easy method of infection that it’s unnerving.

Storage and media players – now here’s one of my favorites: the use of storage devices like USB flash drives.
Who doesn’t have one today?

They are so prevalent because of their low cost, portability, size and capacity that you can get them anywhere and everywhere you go. They make a nice giveaway at an event where the host wants you to have the information or handouts in soft copy. Go to any tech store, or even online, and you can get a 4GB drive for under $20 and in some cases under $10. A drive that has been plugged into an infected machine carries that infection to the next machine it is plugged into, which is exactly why they make such a good vector.

Media players – through the sharing of media files such as AVI, MP3 and MP4, threats are slipping past anti-virus systems, attaching themselves to systems and causing all kinds of damage; a media file can carry an exploit for the player that opens it, or simply be a disguised executable. One must be very cautious when it comes to sharing files such as MP3, AVI and other media containers.

Back in the day we thought of an infection as an application that had to be run (some still do), and while that was true for most of the threats of the time, it is a different ball game today. You don’t have to run anything to get infected; simply viewing a website/page is enough to cause a world of pain. Yet unchecked, old systems with old scanning engines are still being used to ward off these new threats and types of attack.

Back in the day we thought of email as just text messages; today email is the primary delivery mechanism for audio, video, text and many of today’s most critical threats that propagate over the wire.

We need to get rid of the old mindset and wake up to a new and more sophisticated level of warfare, one we would never send our children into but which has come into our homes and is right there in front of our families.
We need to rise above the decadent practice of omission, where someone is excluded from high-level meetings, discussions and events because they do not meet certain requirements yet is adversely affected by the very same issues. No one should be omitted, because the omitted can be your weakest link or your area of vulnerability.
We need to start thinking of threats as the new form of invasion from known and trusted sources. You are just as much at risk as anyone else and the threats do not care who, what, why or where you are online. You are at war now, so stand up and fight by educating yourself, being aware of the threats and risks, and arming yourself with the proper solutions to protect you.

This is the kind of education and awareness we should be exposing our children and youth to today, as they are as much involved as those of us in the workforce and industry.

Thank you and have a great day,

~Brett A. Scudder~

So here I was caught up in another messaging discussion and the use of online mail services. I don’t mind having a discussion on mail security, but when it comes to infrastructure people tend to think I overextend the value and need. Do I?

Ever since I started my very first business I have always had my own domain name and had my own mail server/services. I had this identity crisis that always led me to believe that the real value of a businessman was to reflect the value of his infrastructure across the board. I was never a fan of webmail services because I always felt that the manipulation of my messages should be handled by me alone. I always felt that some visibility was always in the hands of the service provider and that didn’t sit well with me.

Setting up an email server was the slickest thing and didn’t require any high end technical knowledge if you had technical knowledge at all. So over the years I built on that and continued that practice. So today here I am with 150 domains under my name and the access, resources and availability of adding messaging services to all. So I settled on one domain name as my primary and then two secondary with two backups.

Hmm, what does that mean you ask, simple.
I manage one account that is copied to two other accounts as backup and then aggregated into a catchall on two others. All five accounts are on different servers so the chance of losing/missing a message is less than .0001%. I may have a task finding it depending on which layer of the mix I am looking for it.

So does that sound like I take this messaging thing too seriously?

It’s your call, but for me it is critical that I have and can find my messages even if my primary account is down or inaccessible. The other aspect of that is identity: identifying myself as the owner of that domain and all other associated domains in that name sequence. There are nine major domain extensions, .com, .net, .org, .info, .ws, .biz, .me, .mobi, .us (varies depending on the country you live in), and whenever I’m getting a new domain I get all of them. I get them because I want to ensure that the name is owned across the nine for/by me. There are a few rare instances where I may like something that is already taken, and if it is the .com only then I base the need on severity. Again, this is a rare case as I always try to find unique names that most people wouldn’t come up with. Take TITSSN as an example.

So now you know how I end up with over 150 domains, and my various hosting infrastructure allows me to fire up a new mail infrastructure on any one of them at any time.

So how many email accounts do I have?

We’ll leave that for another time lol. Let’s just say I left the people with that blank look of awe on their faces. It was a nice conversation though and it made the train ride home much quicker.

Have a great day,

~Brett A. Scudder~

Greetings my readers,

I can truly say that after spending the past two days hammering out the features, functionality and usability of the two devices side by side, I am much more confident, comfortable and relaxed with the HTC Touch Pro 2 than my iPhone (which I only have for testing and comparative reasons anyway) as a professional, music connoisseur and just being able to have it manage my day to day activities, planning and scheduling. As a person that lives religiously off his calendar, I must feel comfortable in the device I carry and its ability to keep me on track.

Once Microsoft opens up its app store I’m sure this will push the usability and functionality levels even higher, and I can’t wait. My only fear, and I do mean fear, is that the upcoming Windows Mobile v.6.5 may bring changes to this setup that may not work best for me, and so I will be making a backup of my existing setup before upgrading to WinMo v.6.5.

So now I prepare for WinMo v.6.5, and I will complete my full review of the device on the existing WinMo v.6.1 Professional and post it shortly. Until then, I’m just all over the touching.

Have a great day,

~Brett A. Scudder~

Greetings,

I must say that Symantec is doing a great job with SEP, and the new support for Windows 7 is making things so much sweeter. I’m just loving it, and since I’m now running Windows 7 on 70% of my systems, I’d say that’s a good level of comfort for me.

I’m spending some quality time with SEP and Win7 today to ensure that my systems’ security is rock solid and I am covering all my bases. It is much lighter and doesn’t use as many system resources as the previous versions. Very nice improvements.

Have a great day in your neck of the woods.

~Brett A. Scudder~

Good day to you,

This is just a reminder as we are working on building up the membership and visibility on/of our site that every 100th member will receive a $50 gift certificate. We’re not only offering good information and resources, we’re offering valuable incentives as well. We’re working on a referral program that will offer $25 to every member that brings 25 active users to the network.

This is to prove how serious we are about getting the values and information on and about IT Security out to the people as it is a people problem and we’re addressing it that way.

Please spread the word http://www.titssn.org/blog.php?user=1&blogentry_id=37.

Thank you and have a great day,

~Brett A. Scudder~

Greetings my fellow readers,

Oh yes, I can’t wait as the excitement builds up. Windows Mobile 6.5 will be released on October 6th and I am dying to get a shot at it. My HTC Touch Pro and Touch Pro 2 devices are just drooling over it with raw excitement. I really wonder how much different it will be.

So, are you ready for the next level?

Get ready, it’s almost here.

~Brett A. Scudder~

Hi all,

Well it’s about time. I have been waiting patiently for it and it is now here. I have been playing around with it for the past few days and it’s looking and feeling good. I will have more time to play with it across other OS versions this weekend but so far so good.

Very exciting.

~Brett A. Scudder~

It isn’t a good day and so I’ll not start off with my normal good day to you intro, however, I will maintain my etiquette and say,

Hi all,

It isn’t everyday that you run into such problems but when you do, it is on a day that is most uncomfortable and you try to deal with it as best you can. The MTA is raising fares but not raising the quality of service and that for me is a big problem. I have no problem with them raising the fares to a decent amount that justifies the fact that the quality of service and resources being provided are also being raised.

Now, after waking up and getting prepped mentally, physically and emotionally for yet another challenging day in the workforce, the last thing I need is to get on the train and sit in an area or seat that leaves me walking away smelling like I’ve just gotten out of a dumpster. Something’s wrong with that picture, and it doesn’t sit or smell well with me. Mind you, one can smell this from afar at times, but sometimes the hidden threat sits there just waiting for you to meddle in it. The sad part is that it will sit on you for the rest of the day while you have to interact with people at work and on the way to and from there.

Why does this happen?
What can be done about it?
Should this be happening?

These are all valid questions that can and must be addressed if the MTA is to be allowed to raise fares and increase costs on us as customers without raising the bar on the quality of the service(s) being offered. I would like to know that, after leaving my house groomed and poised for the full day ahead, it is not marred by my first 5 minutes on the subway, which in turn ruins my entire day going forward.

C’mon NYC MTA, step up your game.

Thank you and have a great day,

~Brett A. Scudder~

Good day to you my fellow readers,

What can I say: of all the years I have been using mobile devices, I must say that the new HTC Touch Pro2 is by far the sexiest, slickest and most feature-rich device I have ever used. I put both hands up (not thumbs) to HTC on a job well done, and the more I dive into the device, the more I’m loving it and seeing its full potential. This device is changing the way I see, use and feel about mobile devices and confirms my feeling that they will play a more significant part in our lives going forward.

Thank you HTC for a job well done and I hope this is just the beginning of a new and improved line of devices to come. I’m loving the high resolution on the BIG screen and the touch and feel on the device, features and settings. Loving the bigger buttons too, oh yea. Now I’m doing a comparison between the Touch Pro2 and the iPhone, hmm, very interesting :-) .

My full review will be released soon but until then, I’ll keep teasing you :-)

HTC's Touch Pro2 (photos)

Have a great day,

~Brett A. Scudder~

Good day to you,

A new year is upon us with many challenges and the need for more focus, enhancements, integration and attention to the organization and its initiatives and we are very excited about this new upgrade for Brett that will allow the management, stability, understanding and control for our future.

Brett v.2010 will bring a whole new level of professionalism, etiquette, ethics, class and style as his slick new makeover is one of productivity, effectiveness, progressiveness and success. This new enhanced version brings some needed added features of his mindset, scalability, and interoperability that will allow him to take the organization to a whole new level of professional services, support, interoperability, scalability and integration. Brett will now be better able to project, manage and handle the roadmap ahead as we move forward with our initiatives and integrate with other international organizations to bring more education, awareness, training and development of and about technology and IT Security.

As Brett v.2010 rolls out so will a new set of upgrades and enhancements to the network as we release TITSSN v.2010 as well. We have new chapters and subgroups that are being formed to help in the rollout of our educational training and development initiatives. So here’s to a new year for us and the new release of Brett v.2010.

We look forward to this new version release and the enhancements and values it will bring for us.

Features and enhancements.

Smarter – always a good thing to have, as one must be able to pull things together in a holistic way that encompasses people, processes and things
More intelligent – always producing creative thoughts to enhance productivity, efficiency, effectiveness and usability
More intellectual – able to apply the appropriate thoughts and reasoning to any situation and know if/when to seek additional help
More receptive – always willing to listen and be an ear if/when needed
More organized – creating and maintaining personal and professional structure
More diverse – able to work with all levels of users, people, cultures and ethnicities
More scalable – working with the consumers and lower to middle school youths to create a more educated, connected and resilient network of people at these levels.
More interoperable – bringing together all vertical, specialized and industry markets under the same initiatives and enacting more specialized programs for them.
Better equipped – increased infrastructure
More alert – always ready to acknowledge, advise, detect and respond to anything
More education, awareness, training and development – can’t have enough of these
Enhanced communication and integration – keeping the communication channels open through voice, text, IM, online and offline
More connected – available in all places and at all times

Thank you and have a great day,
 
~Brett A. Scudder~
The IT Security Attaché

Good day to you Mr. President,

 

It is good to see that you are taking a stance in the IT Security issues of today but the most fundamental problem we face is the concept that it is an industry or corporate problem. IT Security is a people problem and until we start seeing it that way our approach to the issues will always fail. The availability of information and resources to mitigate these issues needs to be centrally available and disseminated effectively across the board in an unbiased manner.

 

No man stands alone in this cyberwarfare, we must unify the effort to strengthen all links/angles as all are affected, no exceptions.

 

The problems of the technology space exist across all levels in personal, business and professional use. All are impacted by these issues and when a corporation is hacked and the data stolen, in most cases the end users are the ones that suffer because it is their personal info that ends up in the hands of the hackers or thieves.

 

I love the fact that you are a technology/gadget minded person as you’re aware of what they entail and how vulnerable we can be through them. I’m sure you would like to see these issues by more feature/resource rich securely and so we both share the same goals, security for all and across all levels.

 

How about helping us create better education and awareness initiatives like our ENGAGED. We need these levels of training, education, awareness and development at the lower school levels as well. Provide the funding needed to expand on the security users’ group communities and driving the availability of information and resources.

 

Let us work together on these initiatives and get over the power struggle issues.

 

We look forward to working with you and your administration sir.

 

Thank you and have a great day,

 

~Brett A. Scudder~

Hi all,

 

So finally it is here and I’ve got my copies (x86/x64) and am ready to start testing. This is another sweet benefit of having a TechNet or MSDN subscription. This will be fun, as I am very excited about Windows 7 and want to help in its development process.

 

I’m also starting some local training and development sessions out of my office and the local Microsoft office in Midtown so lots of early previews and training to come.

 

Stay tuned and have a great day,

 

~Brett A. Scudder~

Greeting my fellow readers, friends, associates, et al,

 

I don’t know who in their right mind today can justify capping the password on an online hosting account at 8 characters and calling it secure. For the love of all that is good and secure, we need longer passwords for online hosting accounts. We have so much information and credibility built into our web infrastructure that we need more comfort with the basic access privileges and restrictions.

 

How hard is it to enforce long complex passwords?

If you can’t, then by all means get your infrastructure updated to allow this needed feature.

 

I mean, at the rate at which an account with a 6-8 character password can be cracked today, would you feel secure using a company that doesn’t allow long, complex passwords?

 

C’mon guys, we need hosting companies that we can feel confident and secure with from a login perspective. This is ridiculous. There needs to be a law that stipulates the minimum requirements for all web hosting services. Give me a 40 character password account please. Let me worry about forgetting the pass(code/phrase).
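
To show that enforcing long passwords is not hard, here is an added example (my own code, not the original post’s and not any hosting provider’s) of the checks and storage a login system should have: a policy that rejects short or common passwords but happily accepts a 40-character passphrase, a salted PBKDF2 hash so that password length never matters to storage, and a rough brute-force estimate showing why an 8-character cap is indefensible. The 12/128-character limits, the tiny stand-in common-password list and the attacker rate of 1e10 guesses per second are my own assumptions.

```python
"""Password policy and storage for an account system (added example)."""
import hashlib
import hmac
import os
import unicodedata

MIN_LEN = 12
MAX_LEN = 128          # assumption: generous cap; the KDF makes length irrelevant to storage
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value)

# Constructed stand-in for a real breached-password list.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwerty123", "letmein1"}


def normalize(pw):
    """NFKC-normalize so the same passphrase typed two ways hashes the same."""
    return unicodedata.normalize("NFKC", pw)


def check_password(pw, min_len=MIN_LEN, max_len=MAX_LEN):
    """Return the list of policy violations; an empty list means accepted."""
    pw = normalize(pw)
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(set(pw)) < 4:
        problems.append("too few distinct characters")
    return problems


def hash_password(pw, iterations=ITERATIONS):
    """Salted PBKDF2 hash in a self-describing 'alg$iters$salt$hash' string."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", normalize(pw).encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(pw, stored):
    """Constant-time check of a password against a hash_password() string."""
    alg, iters, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash scheme {alg!r}")
    dk = hashlib.pbkdf2_hmac("sha256", normalize(pw).encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def seconds_to_exhaust(length, alphabet=95, guesses_per_second=1e10):
    """Worst-case seconds to try every printable-ASCII password of this length
    at the assumed offline rate (only realistic against a fast, unsalted hash)."""
    return alphabet ** length / guesses_per_second


if __name__ == "__main__":
    for candidate in ["Summer08", "correct horse battery staple 2009!"]:
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
    phrase = "a 40 character passphrase is fine here!!"
    stored = hash_password(phrase)
    print("stored:", stored[:40] + "...", "verifies:", verify_password(phrase, stored))
    print(f"8 chars exhausted in ~{seconds_to_exhaust(8) / 86400:.0f} days;"
          f" 40 chars in ~{seconds_to_exhaust(40):.1e} seconds")
```

A cap of exactly eight characters is usually a leftover from traditional DES-based crypt(3), which silently ignores everything after the eighth character, or from a fixed-width database column; a provider that still has it is telling you how old the rest of its login path is. Once passwords are run through a KDF as above, the stored value is the same size whether the user typed 8 characters or 128, so there is no storage reason left for the cap.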

 

This really upsets me. Where’s our government liaison for cyber security affairs, I need a word.

 

~Brett A. Scudder~

Good day to you,

 

I would like to take this opportunity to share some very critical information with the self-employed and home-based business owners about the state of The IT Security Threats Landscape ~TITSTL~ and how it affects you. This is a discussion I have every day, as more and more people in these categories are finding out that the real effects and impacts of these threats do not exclude them and that they fall very much into the mix. As the economy tightens its grip on our lives, those who are being laid off are turning to home-based and self-employed business, sparking increased growth in this area. The SMB space has grown tremendously since this recession began, and to that end it has become a serious security issue for us security professionals as we look across the IT Security Threats Landscape horizon.

 

Therefore, the reality of the issue must be faced, which brings up the question: what am I to do about it?

 

I have published numerous articles on these threats, preventative measures and how to deal with the security issues of today and tomorrow on my blogs but I am going to do this as a summary of those here.

 

First let me say this, if it requires a security patch (let’s just keep it at security for now), it is vulnerable.

 

What does this mean?

 

Simple: any operating system, Microsoft, Mac, Linux, Solaris, you name it, that requires a security patch for any reason is vulnerable. The patch exists to prevent exploitation of a vulnerability, so until it is applied the system carries a security risk.

I had to get that out of the way so that we wouldn’t get into the ridiculous argument of which is more secure than the other. The way I see it: if a door is left open for anyone to come through, how long it is left open and what comes through it are both critical. Any open door is a threat, wherever it is; what comes through it determines the severity. They all have their insecurities at some point, but how the vendor/developer addresses them lessens the impact and the wide-scale visibility of the issue. Some announce their vulnerabilities and findings, while others patch/update behind the scenes, limiting the visibility and knowledge of the user.

 

Second, anti-virus alone is NOT going to protect you from the threats of today. It takes a multi-layered approach, and as such the various layers of protection must be enforced. Telling yourself that you have anti-virus on your PC is as naïve as saying the threats don’t affect me and I’m not worried about them. While it is true that most anti-virus vendors are bundling multiple threat protection/prevention layers into their solutions, proper configuration becomes the caveat: many deploy with an out-of-the-box config, but tweaks will be needed to customize it to your environment and needs. So one must understand what is being deployed and whether it will provide the layers of protection needed.

 

So why is IT Security so serious for me as a self employed or home based business?

 

Well, ask yourself these questions,

 

What is it that you do and how do you do it?

Do you use email?

Do you send emails to customers/clients/partners/associates/potential clients?

Do you leverage the powers of social networking/media (Twitter, LinkedIn, MySpace, Facebook, Ning and the list goes on) today?

Do you use IM for personal and/or business use?

Do you browse the internet for data/information on whatever you’re working on or researching?

Do you do online banking or shopping?

Do you download multimedia contents from the web (music, movies, flash videos, etc)?

Do you download online presentations (PDF, PowerPoint)?

Did you know that PDF files have presented one of the biggest security risks over the past 2 years, yet remain the most widely distributed online document format?

Do you have a printer or some media player connected to you system(s) at home or in the office?

Do you have any applications running on that system aside from the operating system?

Do you know of the Breach Notification Law in your state and what it means for you?

When was the last time you downloaded a keygen or crack file to unlock that app or game you really wanted but didn’t want to buy/pay for?

Maybe you didn’t crack/keygen it, but someone did and opened a backdoor that planted a rootkit or some other nefarious threat on your system(s). What happens when you use that system for business purposes, and what are you spreading to those you collaborate with?

 

Well, by now I’m sure you’ve caught my drift, and I don’t have to get technical for you to see how you’re affected. All of these questions pose security risks in various ways, and all of them can be stopped, prevented and protected against if the proper education, awareness and measures are put in place. Don’t ask whether you’re affected or whether you should be taking these things seriously; you must. You are as much a risk to me as I am to you if the proper steps are not taken to secure your system and the data/information sitting on it about me, you and those you collaborate with.

 

That system is being used for personal and business use, and at some point the exposure to a threat is heightened by the lack of separation between the two. A system used by everyone in the home should not be the one used for your business. When someone in the home decides to crack that app and opens that backdoor, you’ll never know what can come through it or what your risk will be. Separate the two: business is business and personal is personal. The cost of a system today is far more affordable than a few years ago, so it shouldn’t be a problem to get an extra one.

 

You are not a small business because you have 5 people working for you. You are not a small business because you only have 5 computers in your office or wherever you conduct your business. To me as a security professional, you are not a small business (home based or in an office) when you hold records/information on, and access to, 5000 people. A doctor with an office of 5 employees and 8 systems managing 4000 patients’ information is not a small business in my eyes. If you’re a consultant running your own business and you manage systems or information for your clients, you are now their biggest risk, because it is your responsibility to control that. Every PC must be secured whether it is connected online or not, as you never know if/when it will cross the line. This is how I see security.

 

When you decide to start doing business today you must consider the role you play with those you will be doing business with and the kinds of interaction you will have with them. When an email is sent from an infected system (whether you sent it or the resident worm did) it still comes from you, and the possible effect on the recipient(s) can be adverse, which may lead to legal issues.

 

While using social networks can significantly enhance your presence and what you do, they are also an area of heightened risk, both personally and professionally. Know the need and use them accordingly. Social networks are the future of collaboration, but one must decide why they are needed and create the separation. If it’s for personal use, always remember the impact on yourself, as you are now putting yourself out there to the world. If for business, decide how you want to be seen and what you would like the world to know about you and what you do. Social networking is a great thing to have and use; it’s the management and control of that presence that matters. The threats people face on social networks are the same they would face outside of them, just through a different medium. Educate yourself on these things and you will be ok.

 

As for the Breach Notification Law, most people didn’t even know of such laws about digital contents and its security. I strongly suggest you take a look at the law of your state and understand the legal and financial issues it presents for you. Learn it, know it, and understand it. If in doubt, reach out.

 

The active Conficker worm should be enough of an eye-opener for you, and if you don’t know what it is then you may have bigger problems than I thought. Security is not just about you; it’s about your way of life today, both on and offline. I am not here to scare you, but it is better to know before than after, as the damage control and the legal and financial issues after the fact are much worse and a very daunting prospect.

 

As for the online scams, phishing and SPAM, it is only going to get worse and until you educate and make yourself more aware of and about them, you may fall victim to them as they are craftier than ever.

 

Ok, so I have chatted enough and now you’re saying this is too much, so I will leave a few articles of reference. Feel free to contact me if you’d like to discuss further and in more detail.

The Conficker Worm – my review

A grim day for browser security at hacker contest

State Security Breach Notification Laws as of December 16, 2008 and the Conficker worm

IT Security Education and Awareness 04-09 #1 – IT Security is a people problem, not an industry one

Apple Mac users warned of web-based malware threats RSPlug-F Mac Trojan horse distributed via HDTV website

TITSSN leverages the Twitter network for critical alerting, notification and network happenings (meetings and events) as of April 1st 2009

Security/Privacy Awareness 03-09 #1 – Do you understand the breach notification law is in your country/state, do you know what it means, all are affected.

 

Thank you and have a great day,

 

~Brett A. Scudder~

The IT Security Attaché


Good day to you,

 

I’m off to our monthly group meeting at Microsoft with guest vendor Fortinet. I will also be officially launching the ENGAGED and SecurMentor initiatives tonight. Very exciting. More details to come.

http://titssn.net/nyitsa-ug-april-9th-09-meeting.htm

 

I will be at Microsoft from 6-9pm and will check on things when I get back.

 

~Brett A. Scudder~

The IT Security Attaché


As I look across the IT Security Threats Landscape ~TITSTL~ today, I am very, very concerned at the recent increase in “sophisticated and re-architected” threats popping up online. Every day there are thousands of new threats, variants and exploits coming out of the woodwork, but today we’re seeing an increase in the ones that are more structured, well architected and positioned to circumvent many security settings and solutions on the market. As I look at these I can’t help but ponder how seriously people take these issues, or whether the lack of education and awareness is getting worse as more technology is introduced into our society without proper knowledge of what it is.

Anyone can get internet services today in various forms: broadband (cable, DSL, satellite), mobile (EV-DO, 3G) and wireless wherever available. The introduction of Netbooks is adding to this mobile threat issue, as they are so small, slick and loveable that people will lose them more easily than the bigger traditional laptops.

So here’s the thought process on this.

 

What if there was an internet security law in place that states, you must protect your PC against the threats of today by running this, that and then some (depending on the OS of course)?

 

If found guilty of running a PC without these basic steps in place, you will be fined, your system confiscated and you possibly arrested, depending on the violations, let’s say, data loss affecting a number of people (depending on whether this is a business or an end user).

What if such a law was put in place, what do you think would happen and what would you do?

 

I can see it now: some car pulls up at your house, guys in black suits come out, walk in and take you and the system away, because they have scanners roaming the internet looking for systems that are not running the specified services/products/solutions.

You’re under arrest for violation of code WT123-Basic-internet-security-policy revision 2009 in the state of Wassu which resulted in the loss of 5000 people’s personal/private information.

 

Sounds like a movie doesn’t it?

Wake up, it may very well happen.

 

Your thoughts, as I ponder on this myself.

~Brett A. Scudder~

The IT Security Attaché


Yep, blocked them across the sites and voilà, SPAM levels down by 90% in a day. These guys are persistent.

Interesting isn’t it?

 

The IT Security Attaché


Good day to you,

 

Every day I talk with people across all vertical markets, business sizes, organizations and cultures about the IT Security issues being faced in our world today and how they impact our everyday lives, and it is becoming one of those awakening kinds of issues for many. Whether they like it or not, they know they are affected in one way or another. While most people try to figure out if and where they fit into this matrix, the recent mass media explosion around the Conficker worm created somewhat of a sense of understanding, as many now saw it from a non-technical aspect and as what it really is: a people problem.

As a security attaché, I have relayed this message of IT Security being a people problem and not an industry one for years, but it doesn’t resonate well for many because they didn’t understand the matrix and how it worked. Now that they have seen and heard of it on TV (an even bigger influencer on people today), the same things we IT people have been trying to tell them now make some kind of sense. Leaving aside whether the TV coverage did much justice to or helped the issue(s), it did add well-needed visibility to the scope of the problem, and that was very much needed. It would be nice if we saw a segment on the news specific to The IT Security Threats Landscape ~TITSTL~ and the issues in and around it. They could bring in some professionals in the field to talk about the issues, what is going on and how people can protect themselves. That would be a well-needed thing to see at that level today as we go into this vast technology future of ours, which we’re taking head on without looking at its real implications and effects.

The logic behind the issue is simple: the fact that your system(s) are up and running and have not been wiped out or shut down by a threat doesn’t mean they are safe, secure or threat free. In many of my health assessments I have shown the owner my findings of worms, trojans and other blended threats sitting on their systems because of a lack of proper security solutions to protect them, or improper configuration of the solution being used. The fact that they are there is one thing; what they are doing is something else, and both are critical issues to ponder.

While many will refute this, I have seen, worked and handled enough of these cases to state as fact that many fall into this area of The IT Security Threats Landscape. A resident rootkit, keylogger, worm or whatever the variant may be is actively working its way through your system and causing some form of data loss/theft, or compromising the state of applications, connectivity or system stability that we security professionals deem critical. Here is another way to look at this.

If you went to the doctor for a cough that has been bugging you for a while and he says you have a chest or respiratory infection, would you tell him no?

If he says you need antibiotics and some cold medicine, do you tell him no?

Why not?

Because this is his field of expertise and study, and as such he can make this assessment based on his knowledge of the issue and the facts he has from testing you.

Are you a medical person who can dispute his statement, and will you seek a second opinion from someone else?

The fact that you’re still alive and well (somewhat, depending on how you define well) does not negate the reality that you are infected with something that is causing some kind of issue/effect on the body, resulting in that cough, which in our field of IT we would call an early warning. So this is the same way in which we look at the IT Security issues of today, and how people tend not to look at them. They haven’t gotten that early warning of a cough because the system hasn’t picked up on it yet, and when it does happen, because they haven’t fallen and can’t get up, it is not treated as a critical issue. The system becoming slow and unresponsive is that early warning, and at that stage most people tend to seek professional help, depending on the need/use of the system and how critical it may be for business or even personal use.

So here we stand dealing with people who are harvesters of thousands of people’s information and things about them (whether you know or like it or not), and who rest idle in this decadent behavior and mindset. Yet, unchecked, their systems sit comfortably hosting these blended threats, which are sending/stealing critical private, personal and financial data/information to these hackers unbeknownst to them. The careless whisper of ignorance of these issues is the driving force behind the growing success of such threats today. A hacker has so much more to gain from you giving it to them than from having to go through getting it from you, and that is why the botnet issue is such a growing one today. The use of keygens, crack files, peer to peer (P2P), unpatched applications and systems makes it so much easier to exploit what is available that one tends to wonder when and where it ends. It ends with user education and awareness on and about the threats landscape and what these issues are. It ends when people start taking this seriously and realize that you’re just as much a victim as anyone anywhere if you’re not protected properly.

It ends when you stop saying “I have anti-virus protection, so I’m ok” when you know you haven’t renewed that subscription in over six months, and so you’re missing all the latest and greatest signature based protection it should provide. Anti-virus alone CANNOT protect you from the threats out there today; it has to be a layered approach where various solutions are in play to cover the needed layers.

It ends when you wake up from the illusion that “my OS is more secure than the other, so I don’t have to worry about these security issues.”

It ends when we stop underestimating the knowledge of our youth and start educating them much earlier on the proper use of the internet and its functions and features. IT Security must be a part of the school curriculum today, as technology is our future for tomorrow and they are our next generation of professionals and leaders.

It ends when you start accepting the fact that you are as much a risk to me as I am to you if we’re not practicing basic IT Security best practices.

It ends when you stop taking the cheap way out of operating a business when hosting people’s private and confidential information, which is priceless to them and which they trust you to keep secure. Have some respect for your customers and let them rest comfortably knowing that you have their best interests at heart in properly protecting your infrastructure.

It ends when you realize that these threats are released in the wild with no specific targets but the system(s) you’re using, which unfortunately are in homes, schools, workplaces and places of general interest.

The threats are not specific to government and its systems. They are not specific to the private or public sectors. They are not specific to the educational institutions, and they certainly aren’t targeting the healthcare sector only. All are affected and are in the path of these threats because they all share the same interconnectivity transport medium, the internet, and the internet respects no one and has no boundaries.

It is time that people take this as a basic part of their lives, where one does not get consumed with questioning the validity or severity of the threat but questions the readiness of themselves and their systems to face it. While our government may understand the real scope of these issues, its efforts to create effective management and policies to protect the country’s infrastructure are missing critical elements: the people and the roles they play in strengthening the protective layers, or in being a weak link and point of entry/compromise for what is being implemented. Unless we strengthen the people through education and awareness, they will always be a weak link in the chain of protection.

When a company is hacked or loses its data by whatever means, who suffers the most? The employees, the end users. The company suffers a data loss or has a breach, but the actual data may be your private and confidential information. Even if the company loses its financial data, it has a much better recovery rate through insurance and such than an individual, who now suffers from the loss of privacy and, here in the US, credit ratings.

Think about the many places that have information about you that you consider private and confidential. Your employer has your social security info (and possibly that of family members covered by you) and some financial info for direct deposit of your paychecks. Your 401K info. Health and life insurance info.

Your doctor has your private health records and results. They have your family’s private info as well, as some kind of visit may have been had over the years and that info is in the system.

Your bank has all your financial info and records. They may have your mortgage info as well (if you own a home), the car loan and all the info in it, student loans and the works.

So think on these things, and when you look at all of them, who is most affected in the event of a data loss or breach at any one of those kinds of organizations or businesses? You, the end user, consumer, employee.

IT Security is a people problem and must be dealt with accordingly. It is not about selling security, it’s about creating greater education and awareness about it so we can all contribute towards upholding the strengths of the protective security layers that are there for our protection.

 

Stop asking if this is real; ask yourself how you protect yourself, your family, your business, your country from these elements and their effects. This is REAL.

When in doubt, reach out.

 

~Brett A. Scudder~

The IT Security Attaché


Greetings,

 

It’s that time of the year again, and now I have more of a challenge this year as I have more systems to refresh. Every 2-3 months I do a complete system wipe and rebuild of my primary systems (now 16) to give them a clean start and a fresh look and feel. During the year I test so many products and solutions from the industry, and once I have tested and like something, it gets added to my approved applications list and is allowed to be installed on my primary systems. It also gives me a fresh build, as I get rid of old install files or hidden threats that may have been left behind, and then the system breathes and runs much better.

These are different from my test boxes, which I may refresh daily, weekly or after a few months depending on what I’m testing on them and the period needed to properly deal with it.

As a senior executive on various committees, boards and teams, I take my security practices very seriously, as a compromise on my end could lead to mass messaging or some kind of threat coming from my network, which could lead to serious issues for my recipients. I am very vigilant about keeping the best of best practices for my organizations’ infrastructure, with regular reviews and updates. As a security professional responsible for numerous organizations’ infrastructure, I practice these steps to protect myself and those I collaborate with, and to meet the responsibility to protect the people and data in them. One can never be too cautious in this day and age of new and emerging technology and threats, and so I try to stay on the cutting edge of the security issues.

So it is that time, and my first refresh, which I am somewhat happy for as I’m getting ready to move most of my Vista boxes over to Windows 7. I have been playing around with some new products and solutions and will be moving over to them during this refresh cycle. The timing of this new Conficker worm couldn’t be any worse (or maybe better), as I’m refreshing between March 31st and April 1st. I’m also rolling out a hot new UTM ~Unified Threat Management~ device today as well, and I look forward to its protective features and enhancements.

So away I go to start prepping for my refresh and trying to keep up on this Conficker issue which has set me back a day in my schedule.

 

Thank you and have a great day,

 

~Brett A. Scudder~

The IT Security Attaché


Hi all,

 

If your day went like mine then you must be beat, phew, what a week so far.

 

It’s 3am and I’m scanning the wires, net and blogs to see what’s up with Conficker so far. All is well, and from the looks of things you still have time to get those patches loaded, get that anti-virus/anti-malware loaded and configured, and run a full/deep scan.

I just completed a full scan of my network and double checked my logs and settings and everything looks ok. We’re still early into the day and so who knows.

 

For those who are saying it could be a joke/hoax and are not preparing for it:

What if it isn’t?

Would you want to be prepared even if it isn’t?

I see that the anti-virus vendors have been busy. Some have released 4-6 new definition updates over the past 12 hrs, and that’s a good sign. It means they are still working diligently on helping us stay secure. By the time morning hits here in the US everyone should be running some April 1st 2009 definitions, as I expect there will be at least 1 or 2 within the first 8 hrs. If you’re not running with an April 1st def, then make sure you’re at least at March 31st after running an auto update for definitions.

I haven’t slept since Saturday just from prepping for today and helping people get their systems patched, updated and secured but I am surely going to catch a few zzzzzzz in a few.

 

The day is young; better safe than sorry, so patch and secure up and rest well.

Until later when I rise,

 

The IT Security Attaché


FYI…

Original URL: http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/

Busted! Conficker’s tell-tale heart uncovered

Researchers find super worm cure, just in time

My thoughts, feedback and input.

You have a few hours to work on this and I know you’re going to be vigilant about it. Let’s save what and who we can with our best efforts. Time is of the essence so get to it. I will be a bit busy for the next few hours checking on new vendor signature releases and info about this, dealing with my internal network and doing some last minute checking and changes so please pardon any delays in my responses for a while.

So now that signatures are being released for it, is it over?

No, it’s not. This is a staged effort. The signatures will be created and disseminated throughout the various security scanners, anti-virus and anti-malware vendor products, but then comes the updating and patching of the systems.

If you are running an older version of a vendor product, I strongly suggest you upgrade it now.

If you are running any definitions other than March 31st 2009 for your anti-virus and anti-malware solution, then you’re not fully protected yet.

If you are still missing Microsoft Windows patches (any and all of them), then there’s still some level of risk for you.

If you’re running vulnerable applications like Adobe Reader, Acrobat, Firefox, iTunes, QuickTime, web browsers, media players and other applications, check to make sure you’re not missing any vendor patches. The developers have released secure versions recently.

I still stick to my original take on this, which is: if you are already infected, just wipe and start over. There’s no real guarantee that you will fully get rid of the infection and the various pieces it comes with. If you are not infected, you have a good set of protective layers to work with.

Keep in mind that a signature based solution works by detecting via signature, not by detecting anomalous behavior. As Conficker is a blended threat, I expect to see some aspects of it still evading some security solutions if they are not configured properly for effective use. Some people have their solutions configured with out-of-the-box settings, which may not be optimally configured for a critical threat like this with such a rapid rate of change.

I know this is short notice, but it is good timing to get the word out and get people to act quickly. Be kind and help spread the word to your family, friends, partners, associates, peers and anyone you converse with. This is critical info that needs to be shared.

Let’s get to it people. I’ve been up since Saturday helping people with their systems and talking about this and I plan to get some sleep over the next day or two.

 

Good luck and please keep me posted on any new developments and happenings around this once April 1st kicks in.

 

~Brett A. Scudder~

The IT Security Attaché


Well, it’s simple: you’re SCREWED, so just start the wiping and rebuilding process and don’t waste time trying to clean it up. This is not one of those small-time threats that you can clean up and rest well knowing that you’re ok. This is a new level of sophistication that took serious time, effort and thought to create and map out its deliverables.

So you scanned your system after hearing all this talk and alerts about this “serious threat,” and now you’ve found something suspicious and you’re wondering what to do. Well, it’s not that you had blocked it, nor was the system fully patched and the doors closed; it was already on the system and has already done its rounds of spreading and attaching itself to critical areas of the system. This kind of threat isn’t the kind you can rest comfortably with (well, I can’t/don’t), and I wouldn’t feel comfortable knowing that it is on the network of someone I converse with.

I mean, things do happen, but there should be due diligence in your system security best practices and how they are handled prior to an issue like this.

Now comes April 1st and you’re wondering, oh my God, what am I going to do?

Well, you’re about to be activated, and who knows what your command, effects and impact will be.

I hope that this is more of a hoax than what I have concluded from my own personal analysis. Maybe it’s time you started being more proactive than reactive.

We’ll just have to wait and see.

 

IT Security IS a people problem, not an industry one.

 

The IT Security Attaché


Over the past week I have had so many requests to talk about this worm, why it is so bad and what it really means that I almost convinced myself it was a brand new threat. Most people are so caught up on it as if it were a new threat, but it really isn’t. It’s just a new level of sophistication that warrants the time and attention of security professionals and vendors to stop whatever possibilities it may bring come April 1st and beyond, and for the general public to be aware that these are real life issues. As I say every day, IT Security is a people problem, not an industry one, because the impact and effects are felt in every area of our society and daily lives.

When CBS’s 60 Minutes ran the story on Sunday, March 29th at 7pm, it’s as if the world woke up to the realization that this is serious. The very same words and things I have been telling people didn’t resonate until they heard and saw it on 60 Minutes. Wow, and you wonder why the state of our security is so weak and poor; people don’t know who to listen to or trust in these matters. So now I am talking to the same people I talked to a year ago about the importance of properly protecting themselves from these risks and why it is needed today.

One person called me and was saying, “Hey Brett, did you watch 60 Minutes and see that new worm they are talking about? Man, that’s serious, isn’t it?”

So now I’m sitting on the other end of the line going, huh, are you serious? This is the same thing I have been talking about for years and trying to get you to understand; this is just a named threat, but a threat nonetheless, with a more sophisticated architecture and attack vector. It’s amazing.

I had more people asking which anti-virus software can stop this threat than what this threat is really about. This is one of the issues I have with a scenario like this, because people need to take the time to learn and understand more about the threat and how it proliferates so they can better help prevent the infection or its spread, even if they have security installed and running on their systems. We need more educated people to help maintain a strong wall of protection against the spread of these threats/risks via the internet today and tomorrow. Learn, get the facts, understand the need and activate the common sense.

Guess what, you’ve been activated. You’re now more alert, more intrigued, more prone to fighting these issues because it is in your backyard and you MUST DEAL WITH IT. How you decide to handle yourself is another issue.

 

I hosted an IT Security Webcast on March 22nd, and 5 people who declined to attend the session via the event invite on Facebook ended up with some form of infection two days later.

When asked how they got it, I was told:

“I’m not sure” or “I don’t know.”

The reason for declining my invite was that they had anti-virus on their systems to protect them, so they were ok and good to go.

What can I say?

 

Many will fall to these kinds of issues because they think they are good to go and don’t need to learn or know more about how to protect themselves online. While they rest assured that they are protected by their AV client, they still practice bad browsing, file sharing, file cracking, key generation and illegal software downloads every day, which gives hackers access to their systems via backdoors.

The next time you decide to download a keygen, password generator, cracked file, music from unknown people/sites or browse a website from an IM someone may have sent you, think twice about what you’re doing to your system, yourself and those you share and converse with. Support the developers and buy the apps. Get the real code.

 

The next time you decide to click OK on that pop-up window without reading what it says while browsing, think again and take a minute to read it.

The next time you decide to open that chain mail and click on the link, hey, hey, hey, watch out now. You may know and trust the sender, but do you know if he/she really sent it?

When in doubt, reach out.

 

And so we wait for April 1st to see what Conf*ker will do to those systems already under its control.

 

What are you doing about it?

 

The IT Security Attaché


The Conficker Worm – my review

 

There have been many articles, reviews, information and postings about the Conf*ker, as many people have started calling it. Depending on who you talk with, you can replace the * with anything that suits your feelings towards it. The most interesting thing about this threat isn’t the fact that it’s neither a new one nor a new attack form; it’s the same old attackers doing the nefarious things they do, but with a bit more sophistication. For me as an IT guy looking at all this, I’m getting the wow factor from some of the new developments and traits of the threat. So my take today will not be to overwhelm you with all the techno jargon and a high level breakdown of the threat, but just to speak on it in the most basic form, so that even those who are non-technical can grasp the severity of it.

So here goes.

 

If you get infected with the Conficker worm you’re screwed. Bottom line.

 

If this is a system that is on a business network it must be removed, quarantined, disinfected by any means necessary. Take no chances with this threat.

Get my drift?

Is this basic enough to understand?

 

Ok, let’s take it from another angle.

 

This worm is a blended threat (virus, worm, rootkit, botnet, adware, malware and the what-else factor) with blended characteristics. It’s like catching a cold and getting a headache, ear ache, stomach ache, backache and chest pains all in one. It starts with a simple cold but quickly spreads to other critical areas of the body, causing serious effects and harm. This threat is in a class by itself, as it deploys various additional agents around the system that make complete, successful removal uncertain.

If you have been infected with the worm, your only real option is to completely wipe the system. Unplug, power down, power drain: complete power loss to all storage capacities of the system. This is a very serious threat.

As for those who have been asking which anti-virus solution is best to protect against this, there isn’t one. Anti-Virus alone is not going to protect you from this threat and its blended effects. It will take a number of things to make this happen, and here’s my list.

1. The system must be fully patched from all angles: the operating system, the applications, services, devices and drivers. When patching the Microsoft Windows operating system, many people have auto update enabled but with different settings. Some have it alert them of new updates but never apply them. Some have it set to download and wait for their approval, and they never approve the installation of the updates. Some have it set to download and install all updates, and this is the good option to have. When patching the OS one must be prudent so as to apply not only critical patches but all software, severe and high updates as well. So I recommend, if you’re using the built-in auto update, please use “download and apply all”. If doing it manually, do a custom update, which will reveal all the patches and updates needed.

2. Anti-Virus alone will not protect you from this worm and most of the new threats in the IT Security Threats Landscape today and tomorrow. An anti-malware solution is critical to combine the protective layers of web/content filtering, IDS/IPS, anomaly/heuristics based detection, network and proactive threat protections. This is a backup to the patching already performed on the system. A fully patched system can still be compromised if targeted malicious code is allowed to reach it.

3. Common sense is the name of the game and the winner of all security practices. Adding to the patching of the system and having the needed security solution comes the best practice of all, the user’s common sense in using the system effectively. As the person using the system, one needs to pay very close attention to details in their messaging, web browsing and IM practices. Opening emails from known and unknown sources requires due diligence in thinking about the nature of the message, its contents and its relevance to you. A message from a known source may not have been sent by them but could be the result of an infection on their system(s). This is the same for email and IMs. There are many IM worms that will hijack your IM client and send messages to everyone in your contact list pointing them to a website that serves a drive-by-download. Many people think very little of web based attacks, while they are the fastest growing today because of the ease of infection and delivery of the payload.

4. User education and awareness. This is a very critical issue, as many seem to think that these issues are a corporate or industry problem. When a threat like Conficker goes into the wild it is not targeting specific systems in specific industries only; it is doing a general attack across all systems within its path. IT Security is a people problem, and we are all in its path whether we like it or not, no matter what OS vendor platform you’re on/running.

5. Enable your built-in firewall or get a third party one to put up some form of perimeter defense.

6. There are security suite solutions that bundle multiple security technologies and features in one suite. That may be a more viable option for you because of the integration and management options.
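Items 1, 2 and 5 of that list can be checked on a machine rather than taken on faith. The script below is an added example, not the author’s code, that audits a local Windows host for those three items using only built-in tooling: the Windows Update agent’s COM interface for the auto-update setting and the list of updates still missing (the same set a manual custom scan shows), the Defender status cmdlet for engine, real-time protection and signature age, and the firewall profile cmdlet. It assumes PowerShell 5.1 or later on Windows 8.1 / Server 2012 R2 or newer (older releases lack `Get-NetFirewallProfile` and `Get-MpComputerStatus`), Windows Defender as the anti-malware engine, and an elevated prompt; `Test-BaselineProtection` is a name chosen here.

```powershell
# Added example (not from the original post): self-audit of items 1, 2 and 5
# of the list above on the local host. Assumes PowerShell 5.1+, Windows 8.1 /
# Server 2012 R2 or newer, Windows Defender, and an elevated prompt.
function Test-BaselineProtection {
    $findings = New-Object System.Collections.Generic.List[string]

    # Item 1: Automatic Updates should download AND install on its own.
    # NotificationLevel: 1 = disabled, 2 = notify before download,
    # 3 = download then notify before install, 4 = download and install on schedule.
    try {
        $au    = New-Object -ComObject Microsoft.Update.AutoUpdate
        $level = $au.Settings.NotificationLevel
        if ($level -ne 4) {
            $findings.Add("Automatic Updates is at NotificationLevel $level; 4 (download and install) is recommended.")
        }

        # Item 1, continued: everything still not installed, not only the critical ones.
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
        foreach ($update in $result.Updates) {
            $findings.Add("Missing update: $($update.Title)")
        }
    } catch {
        $findings.Add("Could not query the Windows Update agent: $($_.Exception.Message)")
    }

    # Item 2: anti-malware engine on, real-time protection on, signatures current.
    # Get-MpComputerStatus only reports on Windows Defender; a third-party
    # product needs its own check, so its absence is reported as a finding.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $findings.Add("Anti-virus engine is disabled.") }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is off.") }
        if ($mp.AntivirusSignatureAge -gt 1) {
            $findings.Add("AV signatures are $($mp.AntivirusSignatureAge) day(s) old (last updated $($mp.AntivirusSignatureLastUpdated)).")
        }
    } catch {
        $findings.Add("Windows Defender status unavailable; verify your anti-malware product manually.")
    }

    # Item 5: host firewall enabled on every profile (Domain, Private, Public).
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ($fwProfile.Enabled -ne 'True') {
            $findings.Add("Firewall profile '$($fwProfile.Name)' is disabled.")
        }
    }

    return ,$findings
}

$report = @(Test-BaselineProtection)
if ($report.Count -eq 0) {
    Write-Output "All baseline checks passed."
} else {
    $report | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Items 3 and 4 (common sense, education) are the part no script can check, which is the point of the list. Run the audit after each patch cycle or rebuild; a signature age above a day on a machine that is online, or an update search that keeps returning the same titles, is the early warning the post talks about, before the system gets slow.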

 

The fact of the matter is, we have these issues at the level they should have been at years ago: in the media and across all industries, as a people problem, not an industry one. I take the same approach to Conficker as I do to the rogue Anti-Virus 2008/9 threat: if detected, wipe, clean, rebuild, reimage.

This isn’t something to play around with, wondering what is or isn’t cleaned. The only way to be sure is to wipe it all out.

Thank you and have a great day,

 

~Brett A. Scudder~

The IT Security Attaché


Hi all,

I made it home safely and must say that I am already missing New Orleans. Last night we went to Bourbon Street and were out till 3:30am. The sad part was, we had an early start to the day, as today was the last day of the event and so we had to be at registration by 8am.

The other sad thing is, I had a device that had not readjusted to the time zone change, so it went off at 7am, which was really 6am, and so I was up an hour earlier than I planned, and after coming in so late I could have used the extra sleep.

Anyway, it worked out ok, as the fun-filled and eventful day kept me awake, and we all parted ways at 1:30pm when the event ended, and now I’m home safely. Yayyy.

I now have to catch up on the past 5 days of work, as I rushed out of here so fast on Friday that I left my laptop behind, but luckily I have an awesome mobile device that kept me in the loop and abreast of the access and resources I needed.

So I’m back home and ready to go.

~The IT Security Attaché~
